diff --git a/scripts/init-containers/config/config_environment.sh b/scripts/init-containers/config/config_environment.sh index fc6a7a6..ed00ea6 100644 --- a/scripts/init-containers/config/config_environment.sh +++ b/scripts/init-containers/config/config_environment.sh @@ -73,9 +73,9 @@ function env2ini::reload_preset_envs() { env2ini::log " + '${setting}'" export "${setting^^}=${value}" # '^^' makes the variable content uppercase - done < "/tmp/existing-envs" + done < "$TMP_EXISTING_ENVS_FILE" - rm /tmp/existing-envs + rm $TMP_EXISTING_ENVS_FILE } @@ -124,13 +124,13 @@ function env2ini::generate_initial_secrets() { } # save existing envs prior to script execution. Necessary to keep order of preexisting and custom envs -env | (grep -e '^GITEA__' || [[ $? == 1 ]]) > /tmp/existing-envs +env | (grep -e '^GITEA__' || [[ $? == 1 ]]) > $TMP_EXISTING_ENVS_FILE # MUST BE CALLED BEFORE OTHER CONFIGURATION env2ini::generate_initial_secrets -env2ini::load_config_sources '/env-to-ini-mounts/inlines/' -env2ini::load_config_sources '/env-to-ini-mounts/additionals/' +env2ini::load_config_sources "$ENV_TO_INI_MOUNT_POINT/inlines/" +env2ini::load_config_sources "$ENV_TO_INI_MOUNT_POINT/additionals/" # load existing envs to override auto generated envs env2ini::reload_preset_envs diff --git a/scripts/init-containers/init/configure_gpg_environment.sh b/scripts/init-containers/init/configure_gpg_environment.sh index 686a318..894eb1d 100644 --- a/scripts/init-containers/init/configure_gpg_environment.sh +++ b/scripts/init-containers/init/configure_gpg_environment.sh @@ -1,4 +1,4 @@ #!/usr/bin/env bash set -eu -gpg --batch --import /raw/private.asc +gpg --batch --import "$TMP_RAW_GPG_KEY" diff --git a/templates/gitea/deployment.yaml b/templates/gitea/deployment.yaml index 9981e67..f200c11 100644 --- a/templates/gitea/deployment.yaml +++ b/templates/gitea/deployment.yaml 
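Review bot: In `env2ini::reload_preset_envs` the new `rm $TMP_EXISTING_ENVS_FILE` expands the variable unquoted, so a configured path containing whitespace or glob characters is split or expanded before `rm` sees it, while the `done < "$TMP_EXISTING_ENVS_FILE"` redirect just above quotes the same variable. I would write `rm -- "$TMP_EXISTING_ENVS_FILE"`. The same unquoted use appears in the `> $TMP_EXISTING_ENVS_FILE` redirect in the second hunk of this file, which should become `> "$TMP_EXISTING_ENVS_FILE"`. The function body starts outside the hunk.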
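Review bot: If `ENV_TO_INI_MOUNT_POINT` is unset or empty, `"$ENV_TO_INI_MOUNT_POINT/inlines/"` silently becomes `/inlines/`, and the script reads configuration from a directory nobody intended. Whether `set -u` is active in this script is not visible in the hunk. A guard before the `env |` line would make the failure explicit: `: "${TMP_EXISTING_ENVS_FILE:?must be set}"` and `: "${ENV_TO_INI_MOUNT_POINT:?must be set}"`. The dump written to `TMP_EXISTING_ENVS_FILE` holds every `GITEA__` variable, which can include credentials. Now that its location is configurable, a comment such as `# must point into a directory private to this init container` would record that constraint.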
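Review bot: The name `TMP_RAW_GPG_KEY` in `gpg --batch --import "$TMP_RAW_GPG_KEY"` reads as if the variable carried key material, while it carries the path of the private key file. A name ending in `_FILE`, in line with `TMP_EXISTING_ENVS_FILE`, would avoid someone later putting the key itself into the environment. If the name stays, a comment above the line would do: `# TMP_RAW_GPG_KEY: path of the mounted private key file, set by the deployment template`.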
@@ -107,6 +107,10 @@ spec: value: /data - name: GITEA_TEMP value: /tmp/gitea + - name: TMP_EXISTING_ENVS_FILE + value: /tmp/existing-envs + - name: ENV_TO_INI_MOUNT_POINT + value: /env-to-ini-mounts {{- if .Values.deployment.env }} {{- toYaml .Values.deployment.env | nindent 12 }} {{- end }} @@ -149,6 +153,8 @@ spec: env: - name: GNUPGHOME value: {{ .Values.signing.gpgHome }} + - name: TMP_RAW_GPG_KEY + value: /raw/private.asc volumeMounts: - name: init mountPath: /usr/sbin diff --git a/unittests/helm/deployment/basic.yaml b/unittests/helm/deployment/basic.yaml index c18fc36..a59039c 100644 --- a/unittests/helm/deployment/basic.yaml +++ b/unittests/helm/deployment/basic.yaml @@ -29,3 +29,19 @@ tests: path: spec.template.metadata.labels content: hello: world + - it: "injects TMP_EXISTING_ENVS_FILE as environment variable to 'init-app-ini' init container" + template: templates/gitea/deployment.yaml + asserts: + - contains: + path: spec.template.spec.initContainers[1].env + content: + name: TMP_EXISTING_ENVS_FILE + value: /tmp/existing-envs + - it: "injects ENV_TO_INI_MOUNT_POINT as environment variable to 'init-app-ini' init container" + template: templates/gitea/deployment.yaml + asserts: + - contains: + path: spec.template.spec.initContainers[1].env + content: + name: ENV_TO_INI_MOUNT_POINT + value: /env-to-ini-mounts diff --git a/unittests/helm/deployment/signing-enabled.yaml b/unittests/helm/deployment/signing-enabled.yaml index 9ada1f5..60179be 100644 --- a/unittests/helm/deployment/signing-enabled.yaml +++ b/unittests/helm/deployment/signing-enabled.yaml @@ -28,6 +28,8 @@ tests: value: - name: GNUPGHOME value: /data/git/.gnupg + - name: TMP_RAW_GPG_KEY + value: /raw/private.asc - equal: path: spec.template.spec.initContainers[2].volumeMounts value: diff --git a/unittests/helm/init/init_directory_structure.sh-rootless.yaml b/unittests/helm/init/init_directory_structure.sh-rootless.yaml index 63a244e..0314bc1 100644 
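Review bot: The values `/env-to-ini-mounts` here and `/raw/private.asc` in the second hunk of this file are hard-coded and presumably repeat the `mountPath` of volume mounts defined outside these hunks, so the variable and the mount can drift apart without any error at render time. A comment on each entry, for example `# must match the mountPath of the env-to-ini volume mounts`, or a single template variable used in both places, would tie them together. `.Values.deployment.env` is rendered into the same list directly after the new entries, so a user value named `ENV_TO_INI_MOUNT_POINT` or `TMP_EXISTING_ENVS_FILE` would produce a duplicate entry. That could change where the init script reads its configuration from or writes the environment dump, and it is worth documenting these names as reserved.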
--- a/unittests/helm/init/init_directory_structure.sh-rootless.yaml +++ b/unittests/helm/init/init_directory_structure.sh-rootless.yaml @@ -19,7 +19,7 @@ tests: #!/usr/bin/env bash set -eu - gpg --batch --import /raw/private.asc + gpg --batch --import "$TMP_RAW_GPG_KEY" - it: skips gpg script block for disabled signing asserts: - equal: diff --git a/unittests/helm/init/init_directory_structure.sh.yaml b/unittests/helm/init/init_directory_structure.sh.yaml index 56b7402..bdd6b8a 100644 --- a/unittests/helm/init/init_directory_structure.sh.yaml +++ b/unittests/helm/init/init_directory_structure.sh.yaml @@ -20,7 +20,7 @@ tests: #!/usr/bin/env bash set -eu - gpg --batch --import /raw/private.asc + gpg --batch --import "$TMP_RAW_GPG_KEY" - it: skips gpg script block for disabled signing set: image.rootless: false